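<?php
declare(strict_types=1);

session_start();
require_once 'includes/Security.php';
require_once 'includes/User.php';

// Apply the project's session hardening before any session data is read.
Security::secureSession();

/**
 * Reads a POST field as a plain string.
 *
 * A missing field yields '' instead of null, and a non-string value
 * (e.g. a request that sends `field[]=x`) is also mapped to '' so that the
 * User/Security methods below always receive a string rather than an array
 * or null (which would raise a TypeError on typed parameters).
 */
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

$user = new User();
$message = '';

// Handle login / registration submissions.
// The CSRF token is checked before either action is dispatched.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['action'])) {
    if (!Security::validateCSRFToken($postString('csrf_token'))) {
        $message = '无效的请求';
    } else {
        $action = $postString('action');

        if ($action === 'login') {
            // NOTE(review): session id regeneration after a successful login is
            // expected to happen inside User::login() — confirm.
            $result = $user->login($postString('username'), $postString('password'));
            if ($result['success']) {
                header('Location: dashboard.php');
                exit;
            }
            $message = $result['message'];
        } elseif ($action === 'register') {
            $result = $user->register(
                $postString('username'),
                $postString('email'),
                $postString('password'),
            );
            $message = $result['message'];
        }
        // Any other action value falls through and simply renders the page.
    }
}

// Already-authenticated users never see the login page.
if ($user->isLoggedIn()) {
    header('Location: dashboard.php');
    exit;
}
?>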
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>个人文件管理系统</title>
    <!-- TODO(review): this stylesheet and the script at the end of <body> are loaded from a third-party CDN
         without integrity/crossorigin attributes; pin them with the Subresource Integrity hashes published
         for the Bootstrap 5.1.3 release so a compromised CDN cannot inject code into the login page. -->
    <link href="https://cdn.bootcdn.net/ajax/libs/twitter-bootstrap/5.1.3/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body {
            background-color: #f8f9fa;
        }
        .auth-container {
            max-width: 400px;
            margin: 100px auto;
            padding: 20px;
            background: white;
            border-radius: 10px;
            box-shadow: 0 0 10px rgba(0,0,0,0.1);
        }
        .nav-tabs {
            margin-bottom: 20px;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="auth-container">
            <ul class="nav nav-tabs" id="authTabs" role="tablist">
                <li class="nav-item">
                    <a class="nav-link active" id="login-tab" data-bs-toggle="tab" href="#login" role="tab">登录</a>
                </li>
                <li class="nav-item">
                    <a class="nav-link" id="register-tab" data-bs-toggle="tab" href="#register" role="tab">注册</a>
                </li>
            </ul>

            <!-- Server-side status message (CSRF failure, login/registration result); HTML-escaped before output. -->
            <?php if ($message): ?>
                <div class="alert alert-info"><?php /* escape for HTML context */ echo Security::sanitizeOutput($message); ?></div>
            <?php endif; ?>

            <div class="tab-content">
                <!-- Login form -->
                <div class="tab-pane fade show active" id="login" role="tabpanel">
                    <form method="POST" action="">
                        <?php /* NOTE(review): both forms on this page call generateCSRFToken(); confirm it returns the
                                 session's existing token rather than issuing a new one per call, otherwise the token
                                 rendered into the first form may no longer validate when that form is submitted. */ ?>
                        <input type="hidden" name="csrf_token" value="<?php echo Security::generateCSRFToken(); ?>">
                        <input type="hidden" name="action" value="login">
                        
                        <div class="mb-3">
                            <label for="username" class="form-label">用户名</label>
                            <input type="text" class="form-control" id="username" name="username" required>
                        </div>
                        
                        <div class="mb-3">
                            <label for="password" class="form-label">密码</label>
                            <input type="password" class="form-control" id="password" name="password" required>
                        </div>
                        
                        <button type="submit" class="btn btn-primary w-100">登录</button>
                    </form>
                </div>

                <!-- Registration form -->
                <div class="tab-pane fade" id="register" role="tabpanel">
                    <form method="POST" action="">
                        <input type="hidden" name="csrf_token" value="<?php echo Security::generateCSRFToken(); ?>">
                        <input type="hidden" name="action" value="register">
                        
                        <div class="mb-3">
                            <label for="reg-username" class="form-label">用户名</label>
                            <input type="text" class="form-control" id="reg-username" name="username" required>
                        </div>
                        
                        <div class="mb-3">
                            <label for="email" class="form-label">邮箱</label>
                            <input type="email" class="form-control" id="email" name="email" required>
                        </div>
                        
                        <div class="mb-3">
                            <label for="reg-password" class="form-label">密码</label>
                            <input type="password" class="form-control" id="reg-password" name="password" required>
                        </div>
                        
                        <button type="submit" class="btn btn-success w-100">注册</button>
                    </form>
                </div>
            </div>
        </div>
    </div>

    <script src="https://cdn.bootcdn.net/ajax/libs/twitter-bootstrap/5.1.3/js/bootstrap.bundle.min.js"></script>
</body>
</html> 